PredictionPro
Back to News
News

Polymarket to Refund $3 Million After Cyber Attack

Written by Ian Undery Last updated: June 26, 2026 Published: June 26, 2026
Platforms like Polymarket and Kalshi gained visibility during the 2024 U.S. election cycle and have expanded into sports, entertainment, weather, and other areas

Decentralized prediction market giant Polymarket has confirmed that a supply chain attack targeting a third-party vendor resulted in a brief frontend compromise. According to updates published by blockchain intelligence firms and verified cybersecurity trackers, hackers managed to drain roughly $3 million from a pool of users before the platform isolated and neutralized the malicious injection.

The platform has officially promised to issue full refunds for the stolen funds to all affected accounts.

Anatomy of the Breach

In an official communication released via social media, Polymarket explained that an external third-party vendor had been compromised, allowing hackers to inject a malicious script directly into the web platform’s frontend user interface.

The incident came to light after Polymarket’s security infrastructure flagged anomalous behaviors. “We discovered a 3rd party vendor had been compromised, injecting a malicious script into our frontend for some users,” the company stated in a post on X. “We’ve contained it and removed the affected dependency.”

Because the exploit lived on the frontend application rather than the core layer, Polymarket’s underlying betting pools and contracts remained fully secure and uncompromised. Instead, the injected script operated as a targeted phishing drainer. When affected users interacted with the platform’s user interface, the malicious script attempted to hijack token approvals and initiate unauthorized wallet withdrawals.

Blockchain analysts at PeckShield revealed that the attacker specifically went after Polymarket’s native, USDC-backed internal trading currency. After successfully draining the funds from users, the hackers bridged the stolen assets from the Polygon network over to the Ethereum mainnet, systematically swapping the haul into approximately 1,893 ETH.

Assessing the Problem and Damage Control

So far, the company has not publicly disclosed which third-party vendor was compromised, how long the malicious code remained active, or exactly how many users were affected. The majority of the data floating around has been provided by independent on-chain analysts and Web3 cybersecurity experts.

Fortunately, post-incident investigations indicate that the attack’s structural damage was heavily contained. Data shows that fewer than 15 individual user accounts were successfully compromised by the frontend phishing drainer, meaning the theft was concentrated across a small cluster of highly capitalized wallets rather than a platform-wide attack.

Polymarket responded to the security lapse with a massive corporate containment strategy. Alongside removing the compromised third-party package and reinforcing frontend security, the platform announced it would absorb the financial blow entirely on behalf of its user base.

Polymarket’s head of growth, William LeGate, promised to directly contact all impacted individuals and issue full, 100% reimbursements for the stolen cryptocurrency, which translates into roughly $3 million.

Previous Attacks and Collateral Damage

While this response protected affected users, the incident marks the second notable security headache for Polymarket this year. Earlier, independent blockchain investigators traced a $520,000 drain from two of the platform’s operational smart contracts. Polymarket subsequently clarified that the previous incident stemmed from a compromised private key tied to an old internal wallet rather than an exploit of the protocol.

As stated before, a frontend compromise is not the same as an exploit of Polymarket’s core smart contracts. However, it still can be highly dangerous for users if malicious code is injected directly through the site. In this particular case, the hackers only needed to get between the user and the interface used to interact with it to drain high-volume wallets.

A security breach is always bad news for a company that is experiencing a massive surge of trading volume and media attention due to high-profile events like the World Cup. Nevertheless, Polymarket’s proactive stance has successfully removed the immediate threat, assuring customers that their funds remain safe and that affected users will be made whole.